[ipv6hackers] IPv6 host scanning in IPv6

Fernando Gont fgont at si6networks.com
Sat Apr 21 22:33:02 CEST 2012


Hi, Chris,

On 04/21/2012 04:30 PM, Christiaan Ottow wrote:
>>> 10.0.32.104 netmask 0xffffff00 broadcast 10.0.32.255 inet6 
>>> 2000:1337::8cab:b106:43b0:68f0 prefixlen 64 autoconf
>>> autoconfprivacy pltime 14398 vltime 86398
>> 
>> This could be problematic, since these addresses are valid for just
>> 24 hours (vltime==86398). i.e., if you were used to e.g. days-long
>> ssh sessions, this would break them.
> 
> Wouldn't vltime becoming zero break sockets on any platform,
> regardless of the presence of another global address?

Yes, but if you have another address, at the very least you have the
option to use such address. Here, since OpenBSD is only employing
temporary addresses, you have no other option.


> vic0:
> flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_PRIVACY> mtu
> 1500 lladdr 00:0c:29:50:3c:79 priority: 0 groups: egress media:
> Ethernet autoselect status: active inet6
> fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1 inet
> 192.168.170.134 netmask 0xffffff00 broadcast 192.168.170.255 inet6
> 2000:1337::2c7d:ff20:4029:8590 prefixlen 64 deprecated pltime 0
> vltime infty </snip>
> 
> When a new router advertisement comes along, a new tempaddr is
> configured:

That means that there's a period of time during which the host has no
IPv6 connectivity.


> <snip> # ifconfig vic0 vic0:
> flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_PRIVACY> mtu
> 1500 lladdr 00:0c:29:50:3c:79 priority: 0 groups: egress media:
> Ethernet autoselect status: active inet6
> fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1 inet
> 192.168.170.134 netmask 0xffffff00 broadcast 192.168.170.255 inet6
> 2000:1337::2c7d:ff20:4029:8590 prefixlen 64 deprecated pltime 0
> vltime infty inet6 2000:1337::a8ed:ca9e:e408:3d08 prefixlen 64
> autoconf autoconfprivacy pltime 14368 vltime 86368 </snip>
> 
> So, this setup would not break connections I suppose, 

vltime becomes infinity when pltime becomes 0? -- that's kind of weird.


> but would leave
> garbage addresses. I'll leave the system running for a while to see
> when vltime becomes infty, and how long deprecated addresses stay
> behind when new addresses have been acquired.

Cool! --Please post the results when you have them.

Thanks!

Best regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
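
Added example, not part of the original message: a small parser that reads the inet6 entries from the ifconfig text quoted above and flags the situation discussed in the thread, where every non-deprecated global address is a temporary one with a finite valid lifetime. SAMPLE is the quoted vic0 output re-joined onto one string; the function names are hypothetical.

```python
import re

# ifconfig text as quoted in the thread (vic0, after the new RA), re-joined.
SAMPLE = (
    "inet6 fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1 "
    "inet 192.168.170.134 netmask 0xffffff00 broadcast 192.168.170.255 "
    "inet6 2000:1337::2c7d:ff20:4029:8590 prefixlen 64 deprecated "
    "pltime 0 vltime infty "
    "inet6 2000:1337::a8ed:ca9e:e408:3d08 prefixlen 64 autoconf "
    "autoconfprivacy pltime 14368 vltime 86368"
)

def _life(tokens, key):
    """Lifetime in seconds; None for 'infty' or when the key is absent."""
    if key not in tokens:
        return None
    val = tokens[tokens.index(key) + 1]
    return None if val == "infty" else int(val)

def parse_inet6(text):
    """Return one record per inet6 address found in ifconfig text."""
    records = []
    for chunk in re.split(r"\binet6\s+", text)[1:]:
        # Drop anything that belongs to a following IPv4 'inet' entry.
        tokens = re.split(r"\binet\s", chunk)[0].split()
        addr = tokens[0].split("%")[0]  # strip the %ifname scope suffix
        records.append({
            "addr": addr,
            "link_local": addr.lower().startswith("fe80:"),
            "temporary": "autoconfprivacy" in tokens,
            "deprecated": "deprecated" in tokens,
            "pltime": _life(tokens, "pltime"),
            "vltime": _life(tokens, "vltime"),
        })
    return records

def session_risk(records):
    """Flag hosts whose only usable global addresses are temporary ones."""
    usable = [r for r in records
              if not r["link_local"] and not r["deprecated"]]
    only_temp = bool(usable) and all(r["temporary"] for r in usable)
    finite = [r["vltime"] for r in usable if r["vltime"] is not None]
    return {
        "only_temporary": only_temp,
        # Longest remaining valid lifetime among the usable addresses.
        "valid_seconds_left": max(finite) if only_temp and finite else None,
    }

if __name__ == "__main__":
    print(session_risk(parse_inet6(SAMPLE)))
```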
